I have a Netgear Orbi router at home. I've configured the VPN successfully and set the access to Home Network only.

When I downloaded the smartphone profile, my iPhone can connect to home using the OpenVPN iOS client. I can access my home resources as expected on their 192.168.242.0/24 IP addresses. My internet-bound traffic goes out the LTE or wifi network and works as expected. Everything is all set here.

On the Windows side of things, it's not going well. The Viscosity client imports the Windows config from the Orbi and connects just fine. However, I cannot access any home resources on 192.168.242.0/24 and I lose connectivity to the Internet. I've determined that the metric for the Viscosity interface is being set to 1 and my wifi interface metric is much higher (typically 25 or 50). When I turn off automatic metric on the Viscosity interface and set it to a higher number than my wifi, things work as expected (meaning I can hit my home resources on those IPs and my general internet still works).

I'm at home now so 172.20.10.5 represents my connection via tethering to my iPhone. The 192.168.242.120 connection is the VPN session. If I open up CMD and change metric to say 100 on the 192.168.242.120 route, everything works as I want it to. If I head into the Viscosity Adapter properties and turn off automatic metric and set to 100, everything works as I want it to.

I tried turning automatic metric off and manually setting the metric to 100 on the Viscosity network adapter but every subsequent connection to the VPN always resets it back to automatic metric which assigns 1 to the Viscosity adapter.

I've tried adding "route-metric 100" to the advanced options for the connection in Viscosity but this has no effect.

Is there a way to make the metric changes stick on the client side or tell Viscosity to set the metric to something arbitrary? The Orbi is, obviously, a closed platform so I don't think I can change any of the OpenVPN settings on the Orbi other than what's in the GUI. I'd like to avoid writing manual scripts if possible for every Windows PC that I connect to the VPN or having to manually set the metric after every connection.

Previously, this worked on my old Netgear R8000, before it died, using the OpenVPN Community client. I'd like to stick with the Viscosity client since I also have a Mac that I'm going to try this out on once I get the Windows side solved.

Any help is appreciated. Please let me know if I can provide any other information.

Unfortunately with the limited route table and no log it's hard to diagnose, but we can point you in the right direction.

You might be misunderstanding how the route table works. The lower the metric, the higher the priority a route gets used. By raising the metric, you are no longer using those routes. The metric is also used secondary to the subnet size. A smaller subnet, or range of IPs a route covers, will get used before a larger one.

The reason raising the metric is helping is probably because you are missing a route for your server. You should have a route reading something like:

You then probably have routes for your local network which will start working now the VPN traffic is trying to flow over the internet instead of through its own tunnel.

If you are using a TAP connection instead of a TUN connection, which looks like it might be possible, this increases the complexity and you really need to know what you're doing for this. There are almost no gains unless you want specific types of traffic going over your VPN. If you are using a TAP connection, please set up your server again with a TUN connection instead.

Without a complete copy of your route table and a complete copy of your log, I'm afraid this is all we can really do to help. I understand you might be hesitant to post these on a public forum, in which case our support email is [email protected].
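
The route-selection order described in the reply above (most specific subnet first, metric only as the tie-break), as an added example that is not part of the original thread or of Viscosity's code. The route table is constructed around the addresses mentioned in the thread; the gateways, interface labels, test destinations and the VPN default route are assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str      # "on-link" means directly reachable on that interface
    interface: str    # hypothetical interface labels
    metric: int       # one effective metric per route (simplification)


def select_route(table: list[Route], destination: str) -> Optional[Route]:
    """Pick the route a host would use: longest prefix, then lowest metric."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in table if dst in r.network]
    if not candidates:
        return None
    # The metric is only compared between routes of equal prefix length.
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


def make_table(vpn_metric: int, vpn_default_route: bool) -> list[Route]:
    """Constructed table: a tethered uplink plus a VPN adapter."""
    net = ipaddress.ip_network
    table = [
        Route(net("0.0.0.0/0"), "172.20.10.1", "wifi", 25),
        Route(net("172.20.10.0/28"), "on-link", "wifi", 25),
        Route(net("192.168.242.0/24"), "on-link", "vpn", vpn_metric),
    ]
    if vpn_default_route:
        # Assumption: the VPN adapter also installs its own default route.
        table.append(Route(net("0.0.0.0/0"), "192.168.242.1", "vpn", vpn_metric))
    return table


if __name__ == "__main__":
    for metric in (1, 100):
        table = make_table(metric, vpn_default_route=True)
        # 203.0.113.7 is a documentation address standing in for an internet host.
        for dst in ("203.0.113.7", "192.168.242.10"):
            r = select_route(table, dst)
            print(f"vpn metric {metric:>3}: {dst:<15} -> {r.interface} via {r.gateway}")
```

With two default routes present, changing the VPN metric only moves the internet-bound destination between interfaces; the 192.168.242.0/24 destination follows its more specific route at either metric.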

Thanks for the response. I was a bit tired and frustrated so apologies for the lack of logs and route data. I can repeat this on 2 work PCs, 1 VDI session, and my home laptop. It's something weird with Windows 10 unless Netgear changed the OpenVPN installation on the Orbi. It worked flawlessly on my Netgear R8000 before.

Oddly enough, it works totally fine and as expected on my MacBook. I tested that last night in desperation. iPhone/iPad work fine so Windows is doing something strange here with the route metric. For the iOS devices, I'm using the smartphone profile that the Netgear creates. For the Mac, I used the non-Windows profile it creates.

Back to the Windows PCs, I went so far as trying to add a Connect script and tried 2 different .bat files. One setting metric via netsh and another via the route command in Windows. It didn't stick and I ended up with metric 1 on the Netgear routes and it killed my connection as expected.

Windows connection is UDP TAP. This is what the Netgear profile creates for Windows when you download the Windows profile from the Orbi router.

I'm at work now so I don't want to post my routing tables and logs from there but I'll retest from home via iPhone tether and get the full routing table and logs for you.

I'll switch the tunnel connection to UDP TUN and give that a shot too. Orbi sets up both for you.

Eric, you're awesome. I changed tunnel mode to TUN and the port to match the Netgear. So far working as expected on my one work PC. Routes for the network and internet are staying to my local gateway and my home traffic is hitting the tunnel. Metrics are weighted properly.

No idea why the pre-canned config that the Orbi generates would use TAP for Windows but there you go.

I'm going to leave the iPhone and Mac as is using TAP using the preconfigured Orbi templates since I don't see a need to change those if they are working.

Thanks again. I will test on the other problematic machines tonight when I get home but I think we might have solved this.